Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Sourceforge attack SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Sourceforge attack

 Like most of you have been aware of attacks on Sourceforge. Not sure what the motives behind these are, but a number of devices have been compromised and for those of you who host projects there you will have seen that some services are not available.  A number of you have also received a password reset email. 

"We recently experienced a directed attack on SourceForge infrastructure
( and so we are
resetting all passwords in the database -- just in case.  We're
e-mailing all registered account holders to let you know about this
change to your account."

The email directs you to the "forgot password" page to reset your passwords.  As with all email containing links mak sure you check it or follow the advice, but go to the sourceforge pages directly rather than clicking a link in an email. 

The netblog states that code hosted is not affected. 

Hopefully they will find out who is behind it and they will let all of us know. 



392 Posts
ISC Handler
Jan 29th 2011
Their full report about the attack is available at

Sign Up for Free or Log In to start participating in the conversation!